The organization must employ malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-27078	SRG-APP-NA	SV-34373r1_rule		Medium

Description
In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves via information system entry and exit points. Information system entry and exit points include: firewalls, electronic mail servers, web servers, proxy servers, and remote-access servers. Malicious code includes viruses, worms, Trojan horses, and Spyware. The requirement states that anti-virus and malware protection applications must be used at entry and exit points. This does not apply to applications.

Description

In order to minimize potential negative impact to the organization that can be caused by malicious code, it is imperative that malicious code is identified and eradicated prior to entering protected enclaves via information system entry and exit points. Information system entry and exit points include: firewalls, electronic mail servers, web servers, proxy servers, and remote-access servers. Malicious code includes viruses, worms, Trojan horses, and Spyware. The requirement states that anti-virus and malware protection applications must be used at entry and exit points. This does not apply to applications.

STIG	Date
Application Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None